Get FREE update from Owojela's Blog by simply entering your e-mail

Click to follow us on Twitter

How Hackers are hacking websites to make crypto-cash

It has being
reported that school, charity and file-sharing websites have been caught out by
scammers who are using them to generate crypto-cash.

Hackers have
managed to install code on the sites that uses visitors' computers to
"mine" the cyber-currencies.

One scan of
the most popular websites found hundreds harbouring the malicious mining code.

By getting
lots of computers to join the networks, attackers can quickly generate cash.

"This
is absolutely a numbers game," said Rik Ferguson, vice-president of
security research at Trend Micro.

Mr Ferguson
said crypto-currencies operated by getting lots of computers to work together
to solve the tricky mathematical problems that generate new digital
"coins".

The number
crunching is called mining and new crypto-coins are handed out to miners who
are the first to solve the complex sums.

The more
computer power that someone can amass, said Mr Ferguson, the more coins they
can generate.

"There's
a huge attraction of being able to use other people's devices in a massively
distributed fashion because you then effectively take advantage of a huge
amount of computing resources," he said.

"Crypto-coin
mining malware is nothing new," said Mr Ferguson, adding that the growing
value of established cyber-currencies and the emergence of potentially valuable
new ones was driving malicious use of the scripts.

A security
researcher has scanned the code behind the million most popular websites to see
which ones are running the widely used Coin Hive mining script.

Many sites
use this and others, such as JSE Coin, legitimately to generate some money from
their steady stream of visitors. Metrics published on the Coin Hive site
suggest that a site that gets one million visitors a month would make about
$116 (£88) in the Monero crypto-currency by mining.

On many
sites found in the scan, the way the script was concealed suggested it had been
uploaded surreptitiously.

According to
BBC, when several of the sites in the UK running the Coin Hive script were
contacted, those that responded said they did not know who added it to their
site. Some have now deleted the mining code, updated their security policies
and are investigating how the code was implanted.

Coin Hive's
developers said it had also taken action against malicious use.

"We had
a few early users that implemented the script on sites they previously hacked,
without the site owner's knowledge," they said in a message to the BBC.
"We have banned several of these accounts and will continue to do so when
we learn about such cases."

It
encouraged people to report malicious use of Coin Hive and said any site using
it should inform users that their computer could be enrolled in a mining
scheme. Some security programs and ad-blocking software now warn users when
they encounter miners.

Security
service Cloudflare has also suspended the accounts of some customers after they
started using mining scripts. It explained its action by saying that it
considered the code to be malware if visitors were not told about it.

Surreptitious
coin mining is not just a problem for websites that have been hit by hackers.
Many others across the tech world are moving to tackle the problem.

Last week,
two senior officials in the Crimean government were reportedly fired because
they had started using a lot of official machines to mine bitcoin. The creators
of the FiveM add-on or "mod" for video game GTA V released an update
which stopped people adding miners to their code.

High-profile
websites including the Pirate Bay, Showtime and TuneProtect have all been found
to be harbouring the script.

Prof Matthew
Caesar, a computer scientist at the University of Illinois, said mining was
also starting to cause problems for companies that offered cloud-based
computing services.

Prof Caesar
said he and student Rashid Tahir started investigating the problem after
conversations with several cloud firms revealed that all of them had
experienced trouble with coin-mining.

"If
someone can hack into a cloud account they have access to a huge amount of
computer power," he said. "They can get huge value from those
accounts because there's not much limit on the number of machines they can use.

"Often,"
he said, "the billing systems the cloud services run do not reveal what's
going on. Someone can get in and cause a lot of damage before they are shut
down."

Victims can
be left with huge bills for servers that attackers rented to do their
coin-mining, he said.

The Illinois
researchers are developing a monitoring system that can spot when the mining
software was being used, he said.

The ways
that modern processors handle the complicated maths demanded by
crypto-currencies are relatively easy to spot if someone goes looking for them,
said Prof Caesar.

"We're
in the process of working with one cloud computing company to deploy the monitor
in their network," he said.

"We're
also looking at how we can do this on personal computers as well," he
added.

The federal
government through the Federal Airports Authority of Nigeria (FAAN) has apologised
to Air Peace Airlines and its passengers after a herd of cattle strayed onto
the runway of Akure Airport in Ondo state.

Nigerian
football star Victor Moses scored on his 209th Premier League appearance as
Chelsea put behind them their recent struggles by thrashing West Bromwich
Albion 3-0 at the Stamford Bridge on Monday.

Do you use Startimes decoder and you are asking how to recharge your Startimes decoder using your phone with you Gtbank account, then you are in the right place. I will be showing you, or rather teaching you how you can recharge your Startimes decoder or rather pay for your Startimes subscription using your GTbank account with your mobile phone in 2017, be it Nokia torch light or any non-smartphone.

The Special
Assistant to President Muhammadu Buhari on Social Media, Lauretta Onochie has
responded to the claims that the Tsaigumi commissioned in Kaduna during the
week, was first launched by ex-president Goodluck Jonathan in 2013.